
  • Business continuity plans


    Answer: Yes. In a general manner, you can have business continuity plans related to the continuity of business processes themselves and plans for the continuity of the infrastructure that supports business processes. As an example, you can think about a sale process supported by an information system hosted in a remote data center. In this case you can have a business disruption happening either in the point of sale (e.g., a store) or in the data center. For each situation you should consider a different business plan.

    Additionally, the business plan itself must consider different types of action:
    - emergency actions to be performed right after the disruption is identified;
    - continuity actions to bring activities back to minimum agreed levels;
    - recovery actions to bring activities back to normal operations.

    These articles will provide you further explanation about business continuity plans:
    - How to write business continuity plans? https://advisera.com/27001academy/blog/2010/04/08/how-to-write-business-continuity-plans/
    - Business continuity plan: How to structure it according to ISO 22301 https://advisera.com/27001academy/knowledgebase/business-continuity-plan-how-to-structure-it-according-to-iso-22301/
    - ISO 22301 Case study in the travel industry: Business continuity as a necessity in customer care https://advisera.com/27001academy/blog/2016/11/07/iso-22301-case-study-in-the-travel-industry-business-continuity-as-a-necessity-in-customer-care/

    This material will also help you regarding business continuity plans:
    - Book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation https://advisera.com/books/becoming-resilient-the-definitive-guide-to-iso-22301-implementation/
  • ISO 27001 security controls


    (How do the 114 controls that are applied in the standard work?)

    Answer: The controls stated in Annex A of the ISO 27001 standard should be applied to treat risks identified as unacceptable as a result of a risk assessment. Each one of them has characteristics that can be used, alone or in combination with other controls, to minimize the probability of occurrence of a risk or its impact on the organization.

    For example, if your risk assessment identifies that the loss of an electronic database is unacceptable, you can decide to mitigate this risk, and by consulting the controls of Annex A, you can decide to apply control A.12.2.1 (Controls against malware), to minimize the chances of a virus or other malicious software compromising your database, and control A.12.3.1 (Information backup) to minimize the impact of information compromise if a risk materializes, by maximizing the data that can be recovered by using a backup.

    This article will provide you further explanation about ISO 27001 security controls:
    - The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
    - Overview of ISO 27001:2013 Annex A https://advisera.com/27001academy/iso-27001-controls/
    - How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/

    These materials will also help you regarding ISO 27001 security controls:
    - ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • ISO 27001 certification

    Thanks very much rhandleal.
  • ISO 27001 and ISO 27002


    Answer: Since you mentioned your current role is heading IT infra, I'd suggest you pursue ISO 27001 knowledge first, because it can help you understand how to justify and prioritize which security controls should be implemented and how they should be managed, activities more related to your role. Additionally, if you are considering ISO implementation, ISO 27001 is the standard to be considered, since ISO 27002 is not certifiable.

    ISO 27002 focuses on details and recommendations to be observed for implementing ISO 27001 Annex A controls, and is more recommended for technical and operational personnel.

    This article will provide you further explanation about ISO 27001 and ISO 27002 standards:
    - ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/

    These materials will also help you regarding ISO 27001 and ISO 27002 standards:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
  • SMQ in a power plant

    Hi and thank you for all that you give us. I am now following a project of implementing an SMQ with a consultant in one of our power plants, and we have many problems: 1. We have chosen a wrong project manager, and now we are in the description of the processes and their interaction. Can we remove him and replace him with another? 2. The consultant at gap analysis did not use the documentary audit. He only did the interview! When I asked him, he told me he will do it later. Is it a problem? 3. When they describe the processes, they add a process of social partner, even though it does not influence the SMQ. Is it correct? 4. The consultant has proposed a quality policy without seeing the policy of the power plant! Is it possible? Thank you in advance
  • ISO 9001 document requirements for a repair shop


    Thank you for any help you can offer.

    Answer:

    The requirements for documents and records are the same regardless of the size of the company, but this new version of ISO 9001 allows you to decrease the amount of documentation. There are no requirements for SOPs and WIs, so you can decide by yourself which SOPs and WIs are worth documenting. I would suggest you document them only for activities and processes that are complex and have higher chances of nonconformities. The more competent employees you have, the fewer documents you need.

    For more information, see: Deciding Which Procedures to Document in QMS https://advisera.com/9001academy/blog/2013/11/26/deciding-procedures-document-qms/
  • Making simple EMS system


    Answer:

    The essence of the EMS (Environmental Management System) is control of significant environmental aspects. In order to control them you need to identify them first and distinguish significant and insignificant environmental aspects by applying some criteria for evaluation. Once you determine significant environmental aspects, you need to establish operational controls and monitor their effectiveness.

    When you have operational control established, you can later add other requirements of the standard and have the entire EMS compliant with the standard, but for the beginning, this can do the trick.

    For more information, see: Defining and implementing operational control in ISO 14001:2015 https://advisera.com/14001academy/blog/2016/04/11/defining-and-implementing-operational-control-in-iso-140012015/
  • Learning ISO 27001:2013 from scratch


    Answer: The best would be to start with this free online training ISO 27001 Internal Auditor Course https://advisera.com/training/iso-27001-internal-auditor-course/ - there you will learn the basics of ISO 27001:2013, as well as the auditing techniques.
  • Assets analysis


    Answer: For ISO 27001 all assets are valued regarding the impact of loss of confidentiality, integrity and availability of the information. Such valuation is performed during the risk assessment process.

    So when you think about General Manager you have to think about the potential impact if the confidentiality, integrity or availability of the information the manager needs to perform his function, or creates and provides as result of his work, is endangered.

    2. For Software Asset dependency, is it the same?

    Answer: Yes, you can have the same approach: the potential impact on information the software needs to perform its function or, the other way around, the impact on information the software creates and makes available to the organization.

    This article will provide you further explanation about asset management:
    - How to handle Asset register (Asset inventory) according to ISO 27001 https://advisera.com/27001academy/knowledgebase/how-to-handle-asset-register-asset-inventory-according-to-iso-27001/
    - ISO 27001 risk assessment: How to match assets, threats and vulnerabilities https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/

    These materials will also help you regarding asset management and risk assessment:
    - Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
    - Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/